Hi All, i am doing a configuration on Role Based CLI here i am attaching the configuration also, i have some doubts
1) cli-view-naem=user1 ===> this we need to enable on the "default group" or in "user1" profile on ACS 2) i am able to sucessfully configured the view but i thing its not working why 3) when i try to telnet from R3 i am able to telnet through the username and password, but when i see the show privi ====> it is showing 15 regards krishna
Rack49R1#sh run Building configuration... Current configuration : 2353 bytes ! version 12.4 parser view user1 secret 5 $1$K0bz$IsT3guVfhPemtMwOyqhkw1 commands configure include all radius-server commands configure include all tacacs-server commands configure include all aaa commands exec include configure terminal commands exec include configure commands exec include all show ! service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Rack49R1 ! boot-start-marker boot-end-marker ! logging message-counter syslog enable secret 5 $1$PWCr$pl9WOLSlIM5tnHjU6Ieed1 ! aaa new-model ! ! aaa authentication login acs group tacacs+ aaa authentication login noacs line none aaa authorization exec acs group tacacs+ ! ! aaa session-id common ! dot11 syslog ip source-route ! ! ip cef ! ! no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! voice-card 0 ! ! ! ! ! archive log config hidekeys ! ! ! ! ! ! ! ! ! interface Loopback0 ip address 192.168.1.1 255.255.255.0 ! interface Loopback2 ip address 49.49.51.1 255.255.255.0 ! interface Loopback22 ip address 64.102.51.1 255.255.255.0 ! interface FastEthernet0/0 ip address 49.49.6.1 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 ip address 49.49.3.1 255.255.255.0 duplex auto speed auto ! router ospf 1 log-adjacency-changes redistribute static subnets network 49.49.3.0 0.0.0.255 area 0 network 49.49.51.0 0.0.0.255 area 0 network 49.49.0.0 0.0.255.255 area 0 default-information originate always ! ip forward-protocol nd ip route 10.2.2.0 255.255.255.0 49.49.3.12 ip route 12.2.3.4 255.255.255.255 49.49.3.8 ip route 49.49.2.0 255.255.255.0 49.49.3.10 ip route 49.49.4.0 255.255.255.0 49.49.3.12 ip route 49.49.200.0 255.255.255.0 49.49.5.2 ip route 150.1.49.0 255.255.255.0 49.49.3.10 ip http server no ip http secure-server ! ! ip tacacs source-interface FastEthernet0/0 ! ! ! ! ! ! tacacs-server host 150.1.49.241 key cisco ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login authentication noacs line aux 0 login authentication noacs line vty 0 4 exec-timeout 0 0 password cisco authorization exec acs logging synchronous login authentication acs line vty 5 15 authorization exec acs login authentication acs ! scheduler allocate 20000 1000 end Rack49R1#sh run Building configuration... Current configuration : 2353 bytes ! version 12.4 parser view user1 secret 5 $1$K0bz$IsT3guVfhPemtMwOyqhkw1 commands configure include all radius-server commands configure include all tacacs-server commands configure include all aaa commands exec include configure terminal commands exec include configure commands exec include all show ! service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Rack49R1 ! boot-start-marker boot-end-marker ! logging message-counter syslog enable secret 5 $1$PWCr$pl9WOLSlIM5tnHjU6Ieed1 ! aaa new-model ! ! aaa authentication login acs group tacacs+ aaa authentication login noacs line none aaa authorization exec acs group tacacs+ ! ! aaa session-id common ! dot11 syslog ip source-route ! ! ip cef ! ! no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! voice-card 0 ! ! ! ! ! archive log config hidekeys ! ! ! ! ! ! ! ! ! interface Loopback0 ip address 192.168.1.1 255.255.255.0 ! interface Loopback2 ip address 49.49.51.1 255.255.255.0 ! interface Loopback22 ip address 64.102.51.1 255.255.255.0 ! interface FastEthernet0/0 ip address 49.49.6.1 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 ip address 49.49.3.1 255.255.255.0 duplex auto speed auto ! router ospf 1 log-adjacency-changes redistribute static subnets network 49.49.3.0 0.0.0.255 area 0 network 49.49.51.0 0.0.0.255 area 0 network 49.49.0.0 0.0.255.255 area 0 default-information originate always ! ip forward-protocol nd ip route 10.2.2.0 255.255.255.0 49.49.3.12 ip route 12.2.3.4 255.255.255.255 49.49.3.8 ip route 49.49.2.0 255.255.255.0 49.49.3.10 ip route 49.49.4.0 255.255.255.0 49.49.3.12 ip route 49.49.200.0 255.255.255.0 49.49.5.2 ip route 150.1.49.0 255.255.255.0 49.49.3.10 ip http server no ip http secure-server ! ! ip tacacs source-interface FastEthernet0/0 ! ! ! ! ! ! tacacs-server host 150.1.49.241 key cisco ! control-plane ! ! ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 password cisco logging synchronous login authentication noacs line aux 0 login authentication noacs line vty 0 4 exec-timeout 0 0 password cisco authorization exec acs logging synchronous login authentication acs line vty 5 15 authorization exec acs login authentication acs ! scheduler allocate 20000 1000 end ================== Rack49R3#telnet 49.49.6.1 Trying 49.49.6.1 ... Open Username: user1 Password: Rack49R1>en Password: Rack49R1#show Rack49R1#show privilege
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
